Recently active topics

As part of a network initiative, I’m sharing all the scripts that I have worked on to create an audit program. These files feed are then fed into PowerBi for better visualization by engineers and mgmt.Power Bi Display of Forward NQE Script Arista Check /*** * @intent SNMP Validation (eos) * @description Validates Arista EOS SNMP configs and extracts all snmp-server lines.***/// ====================================================================================// SECTION 0 — Tag Functions to allow granular matching of templates to device. This is // the minimum information I need to classify all the devices in our network// ===================================================================================// Type of environmentexport get_list_match_from_tags(tags: Bag<String>, expectedValues: Bag<String>) = max(foreach v in expectedValues where v in tags select v);export get_env_from_tags(tags: Bag<String>)= get_list_match_

On June 18, 2026, CISA issued an urgent advisory warning that malicious cyber actors — believed to be a Russian-speaking criminal group — have compromised nearly 74,000 Fortinet firewall and VPN devices across 194 countries in a campaign now dubbed FortiBleed. The list of affected organizations spans global enterprises and, most alarmingly, a Turkish NATO defense contractor from which classified documents were successfully exfiltrated. As of this writing, independent telemetry puts the number of compromised devices at over 86,000.CISA’s recommended actions are straightforward: terminate all SSL VPN and administrative sessions, reset credentials, enable phishing-resistant MFA, migrate password storage to PBKDF2 hashing, and restrict management interfaces from the public internet.Good advice. But reactive. The more important question is: could your team have known these conditions existed before attackers found them?The answer, for organizations running Forward Networks, is yes.The campa

A discussion at Cisco Live this year got me thinking about network emulation and digital twins. About six months ago, I started building Skyforge, an internal network emulation platform at Forward. The project started as an attempt to solve a practical problem: how do you quickly create realistic multi-vendor environments for demos, testing, and experimentation without maintaining racks of physical hardware? The name comes from The Elder Scrolls V: Skyrim, which is probably what happens when you spend too many hours playing video games and then find yourself naming infrastructure projects. Skyforge uses Kubernetes to orchestrate and manage emulated network environments, along with netlab to generate topologies, configurations, and deployment artifacts across multiple vendors. None of those technologies are particularly new, and individually they're all excellent at what they do. What surprised me wasn't getting the individual pieces working. What surprised me was how quickly the proble

As part of a network initiative, I’m sharing all the scripts that I have worked on to create an audit program. These files feed are then fed into PowerBi for better visualization by engineers and mgmt.First step is create a utility called, “tag_var_util” to grab tags, of which, will be used as part of the logic to assign a template to different sets of attribtues.This utility will then be imported on all other NQE Audit Scripts. // Create a new NQE Function called: tag_var_util// Add the following utility to extract tags given to devices in Forward Networks Sources// TAGS to identify Environmentexport get_env_from_tags(tags: Bag)= get_list_match_from_tags(tags, ["DC", "CoLo", "Branch", "AWS"]);// TAGS to identify a sub category of locationexport get_SubDc_from_tags(tags: Bag)= get_list_match_from_tags(tags, ["Branch", "DC01", "DC02" ]);// TAGS to identify which managers owns the productexport get_mgr_from_tags(tags: Bag)= get_list_match_from_tags(tags, ["Moe", "Larry", "Curly"]);//

CISA issued Binding Operational Directive 26-04 on June 10, 2026, fundamentally reshaping how federal agencies must prioritize and remediate vulnerabilities. Rather than treating all CVEs with equal urgency, BOD 26-04 establishes a risk-tiered patching framework built around four variables: whether the asset is publicly exposed, whether the vulnerability is in the Known Exploited Vulnerabilities (KEV) catalog, whether the exploit can be automated by an adversary, and the technical impact an attacker achieves after exploitation. The directive allows agencies to defer the lowest-risk vulnerabilities entirely to the next system upgrade, while demanding the fastest action—three days—on the highest-risk combinations. This post outlines what the directive requires and how Forward Enterprise helps organizations answer the questions that determine each risk tier. This directive supersedes both BOD 22-01 (Known Exploited Vulnerabilities) and BOD 19-02 (Vulnerability Remediation for Internet-Acc

As part of a network initiative, I’m sharing all the scripts that I have worked on to create an audit program. These files feed are then fed into PowerBi for better visualization by engineers and mgmt.Power Bi Display of Forward NQE belowStarting with AAA.First step is create a utility called, “tag_var_util” to grab tags, of which, will be used as part of the logic to assign a template to different sets of attribtues.This utility will then be imported on all other NQE Audit Scripts.// Best practice is to tag all devices with the following:// Environment && Sub-Environment && Manager && Region && Function && VRF && Mgmt-Interface (source interface for mgmt. traffic)// Each Script will import the utilities: import "PROD/Standards_Network/NetworkVars/tag_var_util"; let region = get_region_from_tags(device.tagNames) let deviceFunc = get_function_from_tags(device.tagNames) let environment = get_env_from_tags(device.tagNames) let vrf

we are using below format to collect the data from Fortinet firewall for custom command. endconfig globalshow system dnsshow system ntp can anyone check and confirm ,these will not impact anything ,if i remove config gloabl , than command will not run. 

There is a specific section of the AFM config which refers to the default action of the firewall, the below query checks that the default action is Drop.F5 AFM Config to check for.}sys db tm.fw.defaultaction {    value "drop"} /** * @intent Check that all F5's that are running AFM have the default action set to deny * @description THis will check sys db tm.fw.defaultaction for the value drop and error * if it is not drop. **/// Note {} have been removed as they can not be included in the pattern.defaultPattern = ```sys db tm.fw.defaultaction value "drop"```;foreach device in network.deviceswhere device.platform.os == OS.F5foreach command in device.outputs.commands//Check for only the F5's with AFM Configwhere command.commandType == CommandType.F5_AFM_CONFIG//Extract the command response.let AFMConfig = parseConfigBlocks(OS.F5,command.response)//Match the patternlet match = blockMatches(AFMConfig,defaultPattern)let violation = if length(match) == 0 then true else falselet DropActio